Added MULTIPART_INVALID_PART flag

apache2/msc_multipart.c

@@ -654,6 +654,7 @@ static int multipart_process_boundary(modsec_rec *msr, int last_part, char **err
             }
         }
         else {
+            msr->mpd->flag_invalid_part = 1;
             msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
                 "(offset %u, length %u)", msr->mpd->mpp,
                 msr->mpd->mpp->offset, msr->mpd->mpp->length);
@@ -945,7 +946,7 @@ int multipart_complete(modsec_rec *msr, char **error_msg) {
 
         if (msr->mpd->flag_header_folding) {
             msr_log(msr, 4, "Multipart: Warning: header folding used.");
-        }        
+        }
 
         if (msr->mpd->flag_crlf_line && msr->mpd->flag_lf_line) {
             msr_log(msr, 4, "Multipart: Warning: mixed line endings used (CRLF/LF).");
@@ -962,9 +963,13 @@ int multipart_complete(modsec_rec *msr, char **error_msg) {
             msr_log(msr, 4, "Multipart: Warning: invalid quoting used.");
         }
 
+        if (msr->mpd->flag_invalid_part) {
+            msr_log(msr, 4, "Multipart: Warning: invalid part parsing.");
+        }
+
         if (msr->mpd->flag_invalid_header_folding) {
             msr_log(msr, 4, "Multipart: Warning: invalid header folding used.");
-        }        
+        }
     }
 
     if ((msr->mpd->seen_data != 0) && (msr->mpd->is_complete == 0)) {

apache2/msc_multipart.h

@@ -117,6 +117,7 @@ struct multipart_data {
     int                      flag_boundary_whitespace;
     int                      flag_missing_semicolon;
     int                      flag_invalid_quoting;
+    int                      flag_invalid_part;
     int                      flag_invalid_header_folding;
     int                      flag_file_limit_exceeded;
 };

apache2/re_variables.c

@@ -1397,6 +1397,18 @@ static int var_multipart_missing_semicolon_generate(modsec_rec *msr, msre_var *v
     }
 }
 
+/* MULTIPART_INVALID_PART */
+
+static int var_multipart_invalid_part_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+    apr_table_t *vartab, apr_pool_t *mptmp)
+{
+    if ((msr->mpd != NULL)&&(msr->mpd->flag_invalid_part != 0)) {
+        return var_simple_generate(var, vartab, mptmp, "1");
+    } else {
+        return var_simple_generate(var, vartab, mptmp, "0");
+    }
+}
+
 /* MULTIPART_INVALID_QUOTING */
 
 static int var_multipart_invalid_quoting_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@@ -1449,6 +1461,7 @@ static int var_multipart_strict_error_generate(modsec_rec *msr, msre_var *var, m
             ||(msr->mpd->flag_lf_line != 0)
             ||(msr->mpd->flag_missing_semicolon != 0)
             ||(msr->mpd->flag_invalid_quoting != 0)
+            ||(msr->mpd->flag_invalid_part != 0)
             ||(msr->mpd->flag_invalid_header_folding != 0)
             ||(msr->mpd->flag_file_limit_exceeded != 0)
         ) {
@@ -2899,6 +2912,17 @@ void msre_engine_register_default_variables(msre_engine *engine) {
         PHASE_REQUEST_BODY
     );
 
+    /* MULTIPART_INVALID_PART */
+    msre_engine_variable_register(engine,
+        "MULTIPART_INVALID_PART",
+        VAR_SIMPLE,
+        0, 0,
+        NULL,
+        var_multipart_invalid_part_generate,
+        VAR_DONT_CACHE, /* flag */
+        PHASE_REQUEST_BODY
+    );
+
     /* MULTIPART_INVALID_QUOTING */
     msre_engine_variable_register(engine,
         "MULTIPART_INVALID_QUOTING",

modsecurity.conf-recommended

@@ -70,6 +70,7 @@ HF %{MULTIPART_HEADER_FOLDING}, \
 LF %{MULTIPART_LF_LINE}, \
 SM %{MULTIPART_MISSING_SEMICOLON}, \
 IQ %{MULTIPART_INVALID_QUOTING}, \
+IQ %{MULTIPART_INVALID_PART}, \
 IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
 IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"